Re: fork bomb attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I agree. I think the default is 16384.

on RHEL 3, Fedora and SuSE it really slows the server down as a normal user and
it takes a few for the server to recover.

I guess a "good" security conscience admin. can possibly prevent such slowdown but
it would be nice for it to come from the vendor or the community first. :)


Thanks,

LDB

Michael Schwendt wrote:

On Fri, 18 Mar 2005 20:37:39 +0100, Ralf Ertzinger wrote:



Hi.

Dave Jones <davej@xxxxxxxxxx> wrote:



If we set strict ulimits by default we'd have people writing articles
like "Fedora is teh suck, I can't malloc more than xMB in a single
process" What's fit for one configuration may not be for another.
One size most definitly does not fit all.


Especially as the article is quite uninformative about the resource
that was exhausted. My FD has a ulimit on the number of processes,
and I did not set that, and it has been this way for some time, I think.



The default ulimit on max user processes is so high, it doesn't serve as
protection. An admin must find much tighter limits to make a box more
secure against fork bomb DoS attacks.




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux